#!/usr/bin/perl
use Socket;

$SIG{INT} = ("CtlBreak");

if (! $ARGV[0]) { &Usage; }

our @Domains = qw (0 1 2 3 4 5 6 7 8 9 a abc abcde accounting accounting1 accounting2 accounting3 achilles achilles1 achilles2 
                achilles3 admin administrator add addme added all account actual astroid adns apptitude allzeros apassword ant aunt 
		admin1 admin2 admin3 alien alpa alpa1 alpa2 alpa3 any any1 any2 any3 apache apache1 apache2 apache3 arc arc1 arc2 arc3 archive 
		archive1 archive2 archive3 aroma b backup backup1 backup2 backup3 bak bak1 bak2 bank bank1 bank2 bank3 bdc bdc1 bdc2 bdc3 be bigger 
		blackberry blanket blood blow blue blueline boat bob bone bot botnet boy bsd burning c cable cafe cafe1 cafe2 cafe3 california camera 
		cname cancer capture cartoon cat catbox cd cdr cdrw chat chat1 chat2 chat3 chevy china cia circle clock clown code code1 code2 code3 coke 
                command command1 command2 command3 config config1 config2 config3 consult consult1 consult2 consult3 consulting consulting1 consulting2 
		consulting3 cool correct correct1 correct2 correct3 crypt cvs cvs1 cvs2 cvs3 d dark data data1 data2 data3 davidson db db1 db2 db3 
		de deadly debian debian1 debian2 debian3 deep dell demo demo1 demo2 demo3 dev dev1 dev2 dev3 devel devel1 devel2 devel3 deploy dhcp dhcp1 
		dhcp2 dhcp3 digital dk dmx dmz dmz1 dmz2 dmz3 dns doc doc1 doc2 doc3 dodge dog doom dope double down dump dutch dvd dvd-r e eagle economy 
		economy1 economy2 economy3 edu edu1 edu2 edu3 eng eng1 eng2 eng3 employee engineering engineering1 engineering2 engineering3 english es eth0 
		eth1 eth2 eth3 f fa0 faster fax fbi file file1 file2 file3 fire firewall firewall1 firewall2 firewall3 firm firm1 firm2 firm3 fish 
		flashlight folder folder1 folder2 food foot ford forum forum1 forum2 forum3 fox fr free free1 free2 free3 freebsd freebsd1 freebsd2 
		freebsd3 frown ftp ftp1 ftp2 ftp3 fxp fxp1 fxp2 fxp3 g gaem2 game game1 game3 gamer games games1 games2 games3 gateway gateway1 
		gateway2 gateway3 ghost girl glaw glitter global global1 global2 global3 god god1 god2 god3 goodbye gov green gw gw1 gw2 gw3 h h4x hax0r
		hacker hair halo harley hash hax hbo hdavidson head helix hello help help1 help2 help3 hire home home1 home2 home3 honda host host1 
		host2 host3 hp hpov hpov1 hpov2 hpov3 hr hr1 hr2 hr3 https human hybrid i ibm ids ids1 ids2 ids3 image image1 image2 image3 imap 
		imap1 imap2 imap3 img img1 img2 img3 indian info info1 info2 info3 insert intel interanet1 interanet2 interanet3 internet internet1 
		internet2 internet3 internal intra intra1 intra2 intra3 intranet intrude intruder ip ips ips1 ips2 ips3 ipv6 irc irc1 irc2 irc3 ircd ircd1 ircd2 
		ircd3 isis it j jean jersey john john1 john2 john3 jp k keyboard keylog kink kinks korean kr l lab lab1 lab2 lab3 lake lan lan1 lan2 
		lan3 law law1 law2 law3 ldap ldap1 ldap2 ldap3 lea leo lep library library1 library2 library3 lick light linux linux1 linux2 linux3 
                litter little lips lizard local local1 local2 local3 lottery loud lounge lunch m mad maddon mail mail1 mail2 mail3 malware  
		manager manager1 manager2 manager3 mandrake mandrake1 mandrake2 mandrake3 marketing marketing1 marketing2 marketing3 mars mars1 
		mars2 mars3 mcast mcast1 mcast2 mcast3 mdoem modem member member1 member2 member3 mental metro mike mike1 mike2 mike3 mini mini1 
		mini2 mini3 mississippi monitor monitor1 monitor2 monitor3 motorcycle mouse movie movies mp3 ms ms1 ms2 ms3 msn msn1 msn2 msn3 
		mssql music mysql mx mx1 mx2 n nashville national net net1 net2 net3 news news1 news2 news3 newyork nix nl nms nms1 nms2 nms3 no 
		nope ns ns1 ns2 ns3 nsa ntp ntp1 ntp2 ntp3 o office office1 office2 office3 offline online open openbsd openbsd1 openbsd2 openbsd3 
		openview openview1 openview2 openview3 ouija orange org org1 org2 org3 ov ov1 ov2 ov3 owned p paper pay pcap pdc pdc1 pdc2 pdc3 pdf pdf1 
		pdf2 pdf3 pds pds1 pds2 pds3 pepsi peter peter1 peter2 peter3 pgsql phone phone1 phone2 phone3 photo picture pictures pillage 
		pillager police police1 police2 police3 pop3 pope pops popssl portal portal1 portal2 portal3 pos0 postgres pot power power1 power2 
		power3 ppt ppt1 ppt2 ppt3 president printer printer1 printer2 printer3 priv private privip proj proj1 proj2 proj3 project project1 
		project2 project3 prv prv1 prv2 prv3 ptr puppy pwn pwnd q quake quake1 quake2 quake3 qwerty ra rae rai ri radius radius1 radius2 radius3 redhat 
                redhat1 redhat2 redhat3 rdp remote redline rnd rnd1 rnd2 rnd3 rock router router1 router2 router3 rt rt1 rt2 rt3 russian s sand sandbox 
	 	sandnet sandy satarn sav sav1 sav2 sav3 save save1 save2 save3 science science1 science2 science3 Se0 se1 se2 se3 search 
		search1 search2 search3 secret secret1 secret2 secret3 serious serv serv1 serv2 serv3 server server1 server2 server3 service 
		service1 service2 service3 shadow share shed shine shoveit showtime sissors slurpee smile smnp sms sms1 sms2 sms3 smtp smtp1 smtp2 
		smtp3 snacks sniff snmp snoop soapbox soa soc soc1 soc2 soc3 soda sof sof1 sof2 sof3 solaris solaris1 solaris2 solaris3 song sony 
		source source1 source2 source3 sparkle spot spots sql src src1 src2 src3 ssd ssh ssl staff staff1 staff2 staff3 stain staging star stars 
		stash stats status stiff still stock stock1 stock2 stock3 stream stream1 stream2 stream3 streaming streaming1 streaming2 
		streaming3 stretch stronger subaru suck suicide sun super suse suse1 suse2 suse3 switch switch1 switch2 switch3 t tacacs tacacs1 
		tacacs2 tacacs3 taxi tcpdump team team1 team2 team3 tech tech1 tech2 tech3 testbed testbed1 testbed2 testbed3 tftp tftp1 tftp2 
		tftp3 tivli tivli1 tivli2 tivli3 touch toyota triplew txt tux tux1 tux2 tux3 u ubuntu ufo uk unix unreal unreal1 unreal2 unreal3 ups 
                ups1 ups2 ups3 uranus uranus1 uranus2 uranus3 us usss v venture venture1 venture2 venture3 venus venus1 venus2 venus3 video vista 
		vlan vlan1 vlan2 vlan3 voip voip1 voip2 voip3 vpn w w3 wall wall1 wall2 wall3 warez warez1 warez2 warez3 washington watch web 
		web1 web2 web3 webcam webmail webmail1 webmail2 webmail3 weezer wemail wep wep1 wep2 wep3 whatever white whois whois1 whois2 
		whois3 wifi win winblows windows windows1 windows2 windows3 wire wireless write wizard woody work work1 work2 work3 www www1 www2 www3 
		w3 x xxx xyz y yoyo z zzz zero zeus zeus0 zeus2 zeus3 zilch zip zipper zombie zoo av4 philes f4ck);

print ("Starting.\n");
our $WCCheck = 127.0.0.1;
our $WildCard;
our $FoundIp;

# Check the domain root

our $FoundIp = inet_ntoa(inet_aton("$ARGV[0]") || 0.0.0.0 || "$WCCheck");
	if ($FoundIp ne "0.0.0.0" and $FoundIp ne "$WCCheck") { print ("SUCCESS - DOMAIN FOUND! :: $ARGV[0] ($FoundIp)\n"); $WCCheck = "$FoundIp";}
our $WildCard = inet_ntoa(inet_aton("wildcardcheckdomain-123.$ARGV[0]") || 127.0.0.127);
	unless  ($WildCard =~ "127.0.0.127") { print "WARNING - DOMAIN HAS A WILDCARD RECORD. IGNORING RESPONSES WITH IP :: $WildCard\n"; }

# Check each sub domain
foreach (@Domains) {
	our $FoundIp = inet_ntoa(inet_aton("$_.$ARGV[0]") || 0.0.0.0 || "$WCCheck");
	if ($FoundIp ne "0.0.0.0" && $FoundIp ne "$WildCard") { print ("SUCCESS - DOMAIN FOUND! :: $_.$ARGV[0] ($FoundIp)\n"); }

}
print ("Finished.\n");
exit 0;

sub CtlBreak {
	print ("*** SIGINT (ctl-c) caught. Exiting\n");
	exit 255;
}

sub Usage {
	print ("DomainBrute - DNS Mapper. NMA, 2007\n");
	print ("This program will brute force guess subs for a given domain.\n");
	print ("Usage: $0 <Domain Name>\nExample: $0 yoursite.net\n\n");
	exit 0;
}
